From: Michael Tremer Date: Thu, 19 Jul 2012 14:51:50 +0000 (+0200) Subject: Remove vpn-watch. X-Git-Tag: v2.13-beta1~168^2~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6a97a0ca27877bb6396c120a7ab6ec4187dac85;p=people%2Fms%2Fipfire-2.x.git Remove vpn-watch. --- diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 989614275f..e59763fd42 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -75,7 +75,6 @@ usr/local/bin/setddns.pl usr/local/bin/settime usr/local/bin/timecheck #usr/local/bin/uname -usr/local/bin/vpn-watch #usr/local/include #usr/local/lib #usr/local/sbin diff --git a/config/rootfiles/core/strongswan/filelists/files b/config/rootfiles/core/strongswan/filelists/files index bf3185e838..b2d3df7658 100644 --- a/config/rootfiles/core/strongswan/filelists/files +++ b/config/rootfiles/core/strongswan/filelists/files @@ -1,4 +1,3 @@ etc/system-release etc/issue usr/local/bin/ipsecctrl -usr/local/bin/vpn-watch diff --git a/config/rootfiles/core/strongswan/update.sh b/config/rootfiles/core/strongswan/update.sh index 3a020d019a..7ef3f2fe78 100644 --- a/config/rootfiles/core/strongswan/update.sh +++ b/config/rootfiles/core/strongswan/update.sh @@ -34,7 +34,7 @@ done # #Stop services -ipsec stop +ipsecctrl D # #Extract files @@ -42,13 +42,14 @@ extract_files # Remove old pluto binaries. rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack} +rm -f /usr/local/bin/vpn-watch # #Start services # Call the CGI script to regenerate the configuration files. /srv/web/ipfire/cgi-bin/vpnmain.cgi -ipsec start +ipsecctrl S # #Update Language cache diff --git a/src/scripts/vpn-watch b/src/scripts/vpn-watch deleted file mode 100755 index c32dc3c06b..0000000000 --- a/src/scripts/vpn-watch +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/perl -################################################## -##### VPN-Watch.pl Version 0.7 ##### -################################################## -# # -# VPN-Watch is part of the IPFire Firewall # -# # -################################################## - -# XXX The vpn-watch daemon is disabled, because -# apparently, it is not needed anymore after -# strongswan has abandoned pluto. -exit(0); - -use strict; - -require '/var/ipfire/general-functions.pl'; -my @vpnsettings; -my $i = 0; -my $file = "/var/run/vpn-watch.pid"; -my $debug = 0; - -if ( -e $file ){ - logger("There my be another vpn-watch runnning because $file exists, vpn-watch will try kill the process."); - open(FILE, "<$file"); - my $PID = ; - close(FILE); - system("kill -9 $PID"); - } - -system("echo $$ > $file"); -my $round=0; -while ( $i == 0){ - if ($debug){logger("We will wait 60 seconds before next action.");} - sleep(60); - - $round++; - - # Reset roundcounter after 10 min. To do established check. - if ($round > 9) { $round=0; } - - if (open(FILE, "<${General::swroot}/vpn/config")) { @vpnsettings = ; - close(FILE); - unless(@vpnsettings) {exit 1;} - } - -my $status = `ipsec status`; -foreach (@vpnsettings){ - my @settings = split(/,/,$_); - - chomp($settings[30]); - if ($settings[27] ne 'RED'){next;} - if ($settings[4] ne 'net'){next;} - if ($settings[1] ne 'on'){next;}chomp($settings[29]); - if ($settings[29] ne 'on'){next;} - - my $remotehostname = $settings[11]; - - if ($debug){logger("Checking connection to $remotehostname.");} - - my $remoteip = `/usr/bin/ping -c 1 $remotehostname 2>/dev/null | head -n1 | awk '{print \$3}' | tr -d '()' | tr -d ':'`;chomp($remoteip); - if ($remoteip eq ""){next;if ($debug){logger("Unable to resolve $remotehostname.");}} - my $ipmatch= `echo "$status" | grep '$remoteip' | grep '$settings[2]'`; - my $established= `echo "$status" | grep '$settings[2]' | grep -e 'erouted;' -e 'INSTALLED'`; - my $known= `echo "$status" | grep '$settings[2]'`; - - if ( $ipmatch eq '' && $known ne '' ){ - logger("Remote IP for host $remotehostname($remoteip) has changed, restarting ipsec."); - system("/usr/local/bin/ipsecctrl S $settings[0]"); - $round=0; - } - - if ($debug){logger("Round=".$round." and established=".$established);} - - if ( ($round == 0) && ($established eq '')) { - logger("Connection to $remotehostname($remoteip) not erouted, restarting ipsec."); - system("/usr/local/bin/ipsecctrl S $settings[0]"); - $round=0; - - } - } - if ($debug){logger("All connections may be fine nothing was done.");} -} - -sub logger { - my $log = shift; - system("logger -t vpnwatch \"$log\""); -}